Photo of Tracy Marshall

Tracy Marshall

Subscribe to Tracy Marshall's Posts

Tracy Marshall counsels international and domestic for-profit and non-profit clients on a range of privacy, data security, advertising, promotions, and intellectual property matters. She also advises on general corporate and transactional matters.

Tracy assists clients with compliance and advocates on their behalf. She is a Certified Information Privacy Professional (CIPP/US) through the International Association of Privacy Professionals (IAPP) and helps clients implement privacy, data security, and security breach response programs, develop internal and public-facing privacy policies to comply with applicable laws, respond to cyber and data security incidents, and manage relationships with service providers and third parties. Tracy advises on structuring and conducting email and text messaging campaigns, sweepstakes, contests, and other promotions, and she helps clients protect and enforce their intellectual property rights.

In addition, Tracy counsels clients on corporate matters and assists with structuring and negotiating a variety of transactions, including licensing, marketing, and outsourcing arrangements.

Tracy is frequently invited to speak at privacy, data security, telecommunications, and advertising conferences and is a contributor to Keller and Heckman’s Consumer Protection Connection blog and Beyond Telecom Law Blog.

To learn more about Tracy's practice areas, click here.
Follow:Read more about Tracy MarshallTracy's Linkedin Profile

As the federal government continues to wrestle with the complex issue of regulating Artificial Intelligence (AI) in the wake of the release of President Biden’s Executive Order, states have already proposed or enacted AI regulation, and even more will attempt to tackle the issue in 2024. Two recent developments in AI regulation from California

How should companies respond to and report data security breaches nationally? What cybersecurity practices and procedures reflect current best practices? Two federal agency actions provide new rules and guidance and show that the cybersecurity landscape is changing. First, the U.S. Securities and Exchange Commission (SEC) adopted new rules earlier this month that will (among other

The Children’s Online Privacy Protection Act Rule (COPPA Rule) requires that online sites and services directed to children under 13 obtain parental consent before collecting or using children’s personal information and lists existing methods for such consent. Now the Federal Trade Commission (FTC) is seeking comments on whether it should expand its parental consent methods

When the California legislature passed the California Age-Appropriate Design Code Act (CAADCA or Act) AB 2273 in September of this year, it generated considerable controversy. Companies, trade associations, and even some non-governmental organizations questioned whether the law’s broad reach was not just counterproductive and likely to invade consumer privacy, but preempted by federal law and

Deceptive reviews and endorsements have been an increasing area of scrutiny by the Federal Trade Commission (FTC or Commission). In the last few years, the Commission has brought myriad complaints against companies for engaging in such practices. Last year, the FTC resurrected its long-dormant Penalty Offense Authority, warning more than 700 companies in a

At a press conference on August 11, 2022, the Federal Trade Commission (FTC or Commission) announced an Advance Notice of Proposed Rulemaking (ANPR), which was published, along with a fact sheet, to explore potential new rules governing what the FTC characterizes as prevalent “commercial surveillance” and “lax data security practices.” The FTC issued the

On May 12, 2022, the European Data Protection Board published guidelines with a methodology for calculating fines for violations of the General Data Protection Regulation (GDPR). These guidelines were subject to a public consultation until June 27, 2022.

Because these guidelines are likely to have an influence on future decisions by data protection authorities in

As we previously reported, the Federal Trade Commission (FTC) seeks comments on proposed updates to its Guides Concerning the Use of Endorsements and Testimonials in Advertising (Endorsement Guides). The FTC’s notice was published in the Federal Register on July 26, 2022 (87 Fed. Reg. 44288), and comments must be received by September 26, 2022.

On July 8, 2022, the California Privacy Protection Agency (Agency) announced the start of the formal rulemaking process to adopt proposed regulations implementing the California Privacy Rights Act (CPRA), which amends and expands the California Consumer Privacy Act (CCPA).

The CCPA entered into force on January 1, 2020; most of the CPRA’s provisions become effective